How to Make Sure Your Free WordPress Theme is Free of Malicious and Hidden Code

If you downloaded your WordPress theme from a “free themes” site other than the official WordPress themes directory, there is a real chance the theme is “dirty”: it may contain encrypted (obfuscated) code or hidden outbound links.

I find themes all of the time with PHP files loaded with garbage that shouldn’t be there. Why is it there? Usually to add some sort of tracking and to “hide” the source code so that any included backlinks are difficult to remove.

This is annoying and well, rather unethical. What happens when you try to just remove the encrypted code? Well, it usually includes a critical portion of the WordPress theme, so simply erasing this encrypted code will often break part (or all) of the Website.
Note to these guys: If you’re going to give something away, you shouldn’t “trick” people into linking back by using deceptive encrypted code. God knows what else they could include in these themes, so since whoever made this wants to sucker me, I’ll remove every reference I can before using that theme.

Enter the TAC – Theme Authenticity Checker. This helpful little plugin identifies encrypted code and outbound links embedded in themes. It’s especially useful for beginners who may not know where jerk-offs try to slip a little extra something into WordPress themes. It reviews the theme, locates any encrypted code or outbound links, and reports each one with the file and the line number where it begins.

Install the TAC plugin, open its page from your WordPress admin, and choose the theme you want to check. It reports anything it finds.

Typically, I find the annoying encrypted code in the footer. This is usually an easy fix. Here is how I remove it from the WordPress theme:

Go to your Theme Editor.

Open up Footer.php.

Scroll to the bottom (the code usually starts with something like “base64…” followed by a long string of letters and numbers).

Open up a new browser tab and visit the Website.

Open up the Source of the Website.

The encrypted code has now been rendered into plain HTML on the live page, so copy the rendered footer HTML, starting from the point that corresponds to where the encrypted code begins in the Editor.

Paste that footer HTML into the Editor in place of the encrypted code, erasing the encrypted code entirely.

In the rendered footer code you just pasted, remove any backlinks the offender added.

Tip: back up the theme’s Footer.php to a separate text file before you click Update on any edits you make. That way you can temporarily restore the original (unauthentic) code if the edit above ends up breaking something and you need to try again.
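The steps above locate the “base64…” string by eye and then let the browser render it so you can see what it hides. The following script, added here as an example and not part of the original post or of the TAC plugin, does the same job statically: it scans theme files for the obfuscation functions TAC looks for (eval, base64_decode, gzinflate, str_rot13), decodes any long base64 string it finds without ever executing it, and lists the outbound links found in both the raw markup and the decoded payload, each with file and line number. The footer.php and header.php contents are constructed samples, and the regular expressions and the 40-character threshold are assumptions chosen for this example.

```python
import base64
import binascii
import re
import zlib

# Obfuscation primitives commonly used to hide PHP in theme files.
# A hit is a prompt to review the line, not a verdict: legitimate code may use them.
OBFUSCATION_RE = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.IGNORECASE
)
# A quoted base64-looking string of 40+ characters (the "long string of alphanumerics").
BASE64_BLOB_RE = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")
# Absolute http(s) links, as they appear in rendered footer markup.
LINK_RE = re.compile(r"<a\s[^>]*href=['\"](https?://[^'\"]+)['\"]", re.IGNORECASE)


def _as_text(raw):
    """Return raw bytes as printable text, or None if they are not text."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if all(ch.isprintable() or ch in "\r\n\t" for ch in text) else None


def decode_payload(blob):
    """Statically decode a base64 (optionally deflated) blob; never executes it.

    Returns the decoded text, or None if the blob is not base64 or does not
    decode to printable text.
    """
    try:
        raw = base64.b64decode(blob, validate=True)
    except (ValueError, binascii.Error):
        return None
    text = _as_text(raw)
    if text is not None:
        return text
    # Not plain text: try raw DEFLATE, which is what PHP's gzinflate() undoes
    try:
        return _as_text(zlib.decompress(raw, -15))
    except zlib.error:
        return None


def scan_theme_file(name, text):
    """Return a list of findings (file, line, kind, detail) for one theme file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if OBFUSCATION_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "obfuscation",
                             "detail": line.strip()[:60]})
        for blob in BASE64_BLOB_RE.findall(line):
            decoded = decode_payload(blob)
            if decoded is None:
                continue
            findings.append({"file": name, "line": lineno, "kind": "decoded-payload",
                             "detail": decoded})
            # Backlinks hidden inside the encoded payload
            for url in LINK_RE.findall(decoded):
                findings.append({"file": name, "line": lineno, "kind": "hidden-link",
                                 "detail": url})
        for url in LINK_RE.findall(line):
            findings.append({"file": name, "line": lineno, "kind": "outbound-link",
                             "detail": url})
    return findings


def scan_theme(files):
    """Scan a {filename: contents} mapping (footer.php, functions.php, header.php, sidebar.php)."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_theme_file(name, text))
    return findings


# --- Constructed sample input (not a real theme) -----------------------------
SAMPLE_PAYLOAD = "echo '<a href=\"http://example.com/\">Powered by Example</a>';"
SAMPLE_BLOB = base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()
SAMPLE_FOOTER = (
    '<div id="footer">\n'
    "<?php wp_footer(); ?>\n"
    f"<?php eval(base64_decode('{SAMPLE_BLOB}')); ?>\n"
    "</div>\n"
    "</body></html>\n"
)
CLEAN_HEADER = (
    "<!DOCTYPE html>\n"
    "<html <?php language_attributes(); ?>>\n"
    "<head><?php wp_head(); ?></head>\n"
    "<body <?php body_class(); ?>>\n"
)

if __name__ == "__main__":
    for f in scan_theme({"footer.php": SAMPLE_FOOTER, "header.php": CLEAN_HEADER}):
        print(f"{f['file']}:{f['line']} [{f['kind']}] {f['detail']}")
```

Run against a real theme by reading each PHP file into the mapping passed to scan_theme. Because the payload is decoded rather than rendered, you see the hidden link without loading the theme on a live site at all, and the decoded text is exactly what you would otherwise copy out of the browser’s page source.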

Some other common places you can find crap code slipped into your WordPress themes:

Functions.php

Header.php

Sidebar.php

The TAC plugin checks all of these files and reports what it finds. If your functions.php file is tainted, it has often been copied, unedited, from another WordPress theme.

Look for any references to names (such as ‘Kubrick’, the classic WordPress default theme) that could identify the theme the functions were taken from. Then simply find that original theme, copy its functions.php code, and overwrite the malicious one with it.
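Before overwriting a tainted functions.php with the original theme’s copy, it is worth seeing exactly which lines were added, so that nothing legitimate is lost and so you know what hook to look for elsewhere in the theme. The snippet below is an added example, not from the original post; it diffs a suspect functions.php against the clean one from the original theme and reports every line the reference does not contain. Both file contents are constructed samples, and the theme_credit hook in the suspect copy is a made-up illustration.

```python
import difflib

# Constructed sample: a clean functions.php from the original theme, and the
# same file padded with an extra footer hook that injects a link.
REFERENCE_FUNCTIONS = """<?php
if ( function_exists('register_sidebar') ) {
    register_sidebar();
}
add_theme_support('automatic-feed-links');
"""

SUSPECT_FUNCTIONS = """<?php
if ( function_exists('register_sidebar') ) {
    register_sidebar();
}
add_theme_support('automatic-feed-links');
function theme_credit() {
    echo '<a href="http://example.com/">Example</a>';
}
add_action('wp_footer', 'theme_credit');
"""


def lines_not_in_reference(reference, suspect):
    """Return (line_number, text) for every line of `suspect` that the clean
    reference copy does not contain; line numbers count lines in `suspect`."""
    ref_lines = reference.splitlines()
    sus_lines = suspect.splitlines()
    matcher = difflib.SequenceMatcher(None, ref_lines, sus_lines)
    extra = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        # "insert" = lines only in the suspect; "replace" = lines that differ
        if tag in ("insert", "replace"):
            extra.extend((j + 1, sus_lines[j]) for j in range(j1, j2))
    return extra


if __name__ == "__main__":
    for lineno, text in lines_not_in_reference(REFERENCE_FUNCTIONS, SUSPECT_FUNCTIONS):
        print(f"functions.php:{lineno}: {text}")
```

Feed it the real files by reading the original theme’s functions.php as the reference and your installed copy as the suspect; an empty result means the two are identical and the overwrite changes nothing.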